Please AMEND the claims as follows: 



1 . (Currently Amended) In a server adapted for authentication, authorization, and 
accounting, a method of generating a shared key between a Home Agent and a Mobile Node, 
comprising: 

receiving a request message bv the server from a Home Agent, the request message 
identifying the Mobile Node; 

deriving key information bv the server from a key or password associated with the 
Mobile Node; and 

sending a reply message bv the server to the Home Agent, the reply message 
including the key information associated with the Mobile Node, thereby enabling the Home 
Agent to derive a shared key to be shared between the Mobile Node and the Home Agent 
from the key information; 

wherein the reply message does not include the shared key to be shared between the 
Mobile Node and the Home Agent in any form. 

2. (Original) The method as recited in claim 1, wherein deriving key information 
comprises: 

deriving the key information from a second set of key information derived from the 
key or password. 

3. (Original) The method as recited in claim 1, wherein deriving key information 
comprises: 

obtaining the derived key information from a domain controller or server. 

4. (Original) The method as recited in claim 1, wherein the request message is an 
access request message and the reply message is an access reply message. 

5. (Cancelled) 

6. (Previously Presented) The method as recited in claim 1 §, further comprising: 
obtaining the key or password from a domain controller. 
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7. (Original) The method as recited in claim 6, wherein obtaining the key or 
password from the domain controller comprises: 

sending a request to the domain controller for key or password associated with the 
Mobile Node; and 

receiving the key or password associated with the Mobile Node from the domain 
controller. 

8. (Origina) The method as recited in claim 1, further comprising: 
applying the key information to authenticate the request message. 

9. (Original) The method as recited in claim 1, wherein the key or password is 
stored at the Mobile Node, thereby enabling the Mobile Node to derive the key information 
from the key or password. 

10. (Currently Amended) Li a Home Agent supporting Mobile IP, a method of 
authenticating a Mobile Node, comprising: 

receiving a Mobile IP registration request by the Home Agent from a Mobile Node, 
the Mobile IP registration request identifying the Mobile Node; 

sending a request message bv the Home Agent to a AAA server, the request message 
identifying the Mobile Node; 

receiving a reply message bv the Home Agent from the AAA server, the reply 
message including key information associated with the Mobile Node; 

deriving a key by the Home Agent from the key information, the key being a shared 
key between the Mobile Node and the Home Agent, wherein deriving the key from the key 
information does not include decryption of the key infomiation; and 

sending a Mobile IP registration reply by the Home Agent to the Mobile Node, 
wherein the Mobile IP registration reply does not include the key in any form. 

1 1 . (Previously Presented) The method as recited in claim 10, wherein the Mobile 
IP registration request includes a CHAP challenge and response. 

12. (Previously Presented) The method as recited in claim 10, wherein deriving a 
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key from the key information comprises deriving the key from the key information and a 
CHAP challenge and response obtained from the Mobile IP registration request. 

13. (Previously Presented) The method as recited in claim 10, wherein deriving the 
key and sending the Mobile IP registration reply to the Mobile Node are performed when the 
reply message received from the AAA server indicates that the Mobile Node is successfully 
authenticated. 

14. (Original) The method as recited in claim 10, wherein the request message is an 
access request message and the reply message is an access reply message. 

15. (Original) The method as recited in claim 10, wherein the Mobile Node is to 
derive the shared key from a second set of key information stored at the Mobile Node. 

16. (Original) The method as recited in claim 15, wherein the key information is 
equivalent to the second set of key information. 

17. (Original) The method as recited in claim 15, wherein the second set of key 
information stored at the Mobile Node is a root key, a password, or a key shared between the 
Mobile Node and the Home Agent in a previous session. 

18. (Original) The method as recited in claim 17, wherein the registration request 
includes a SPI, replay protection timestamp, and indicates an algorithm to be used to 
authenticate the registration reply, wherein the SPI, the replay protection timestamp, and the 
algorithm are associated with the second set of key information. 

19. (Original) The method as recited in claim 18, further comprising: 

installing the derived key, the SPI, the replay protection timestamp, and the algorithm 
in a security association. 

20. (Original) The method as recited in claim 17, wherein the registration reply 
includes a SPI, replay protection timestamp, and indicates an algorithm to be used to 
authenticate the registration reply, wherein the SPI, the replay protection timestamp, and the 
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algorithm are associated with the second set of key information. 

21. (Previously Presented) The method as recited in claim 10, wherein the Mobile 
IP registration reply indicates that the Mobile Node is to derive the shared key between the 
Mobile Node and the Home Agent. 

22. (Previously Presented) The method as recited in claim 21, wherein at least one 
of the presence of one or more extensions in the Mobile IP registration reply and an SPI in 
the Mobile IP registration reply indicates that the Mobile Node is to derive the shared key 
between the Mobile Node and the Home Agent. 

23. (Previously Presented) The method as recited in claim 10, wherein the Mobile 
IP registration request indicates that the Home Agent is to derive the shared key between the 
Mobile Node and the Home Agent from the key information. 

24. (Previously Presented) The method as recited in claim 23, wherein at least one 
of the presence of one or more extensions in the Mobile IP registration request and an SPI in 
the Mobile IP registration request indicates that the Home Agent is to derive the shared key 
between the Mobile Node and the Home Agent. 

25. (Previously Presented) The method as recited in claim 23, wherein the presence 
of an authentication protocol extension in the Mobile IP registration request indicates a 
protocol to be used to authenticate the Mobile IP registration request and derive the shared 
key. 

26. (Original) The method as recited in claim 23, wherein the presence of a session 
key extension and derived session key extension in the registration request indicates that both 
a session key and a derived session key are to be generated and installed. 

27. (Previously Presented) The method as recited in claim 26, further comprising: 
receiving a subsequent Mobile IP registration request from the Mobile Node to 

refresh the derived session key. 
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28. (Previously Presented) The method as recited in claim 27, further comprising: 
authenticating the subsequent Mobile IP registration request using the session key. 

29. (Previously Presented) The method as recited in claim 27, further comprising: 
sending a subsequent Mobile IP registration reply to the Mobile Node including the 

derived session key extension, wherein the Mobile IP registration reply is to be authenticated 
by the Mobile Node using the session key. 

30. (Original) The method as recited in claim 10, wherein the key information is a 
previously used session key shared between the Mobile Node and the Home Agent. 

31. (Original) The method as recited in claim 10, wherein the key information is 
derived from a password associated with the Mobile Node. 

32. (Cancelled) 

33. (Original) The method as recited in claim 10, further comprising: 
deriving a subsequent key from the shared key. 

34. (Original) The method as recited in claim 33, wherein deriving the subsequent 
key from the shared key is performed when a binding associated with the Mobile Node is 
cleared. 

35. (Original) The method as recited in claim 34, wherein the binding associated with 
the Mobile Node is cleared upon expiration of the lifetime of the Mobile Node or de- 
registration of the Mobile Node. 

36. (CuiTently Amended) In a Mobile Node, a method of registering with a Home Agent 
supporting Mobile IP, comprising: 

sending a Mobile IP r egistration request from the Mobile Node to the Home Agent; 

receiving a Mobile IP r egistration reply bv the Mobile Node from the Home Agent, 
the Mobile IP r egistration reply indicating that the Mobile Node is to derive a key to be 
shared between the Mobile Node and the Home Agent, wherein the Mobile IP registration 
reply does not include the key to be shared between the Mobile Node and the Home Agent in 
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any form; and 

deriving a key to be shared between the Mobile Node and the Home Agent from key 
information stored at the Mobile Node, wherein deriving the key from the key information 
does not include decryption of the key information. 

37. (Currently Amended) The method as recited in claim 36, wherein deriving a key from 
the key information comprises deriving the key from the key information and a CHAP 
challenge and response obtained from the Mobile IP r egistration reply. 

38. (Original) The method as recited in claim 36, wherein the key information is a 
root key, a password, or a key shared between the Mobile Node and the Home Agent in a 
previous session. 

39. (Currently Amended) The method as recited in claim 38, wherein the Mobile IP 
registration request includes a SPI, replay protection timestamp, and indicates an algorithm to 
be used to authenticate the Mobile IP r egistration request, wherein the SPI, the replay 
protection timestamp, and the algorithm are associated with the key information. 

40. (Currently Amended) The method as recited in claim 38, wherein the Mobile IP 
registration reply includes a SPI, replay protection timestamp, and indicates an algorithm to 
be used to authenticate the Mobile IP r egistration reply, wherein the SPI, the replay protection 
timestamp, and the algorithm are associated with the key information. 

41. (Currently Amended) The method as recited in claim 36, wherein the Mobile IP 
registration reply indicates whether the Mobile Node is to derive the shared key between the 
Mobile Node and the Home Agent, the method further comprising: 

determining from the Mobile IP r egistration reply whether the Mobile Node is to 
derive the key; 

wherein deriving a key is performed when it is determined from the Mobile IP 
registration reply that the Mobile Node is to derive the key. 

42. (Currently Amended) The method as recited in claim 41, wherein at least one of the 
presence of one or more extensions in the Mobile IP r egistration reply and an SPI in the 
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Mobile IP r egistration reply indicates that the Mobile Node is to derive the shared key 
between the Mobile Node and the Home Agent. 

43. (Currently Amended) The method as recited in claim 36, wherein the Mobile IP 
registration request indicates that the Home Agent is to derive the shared key between the 
Mobile Node and the Home Agent from a second set of key information received by the 
Home Agent. 

44. (Currently Amended) The method as recited in claim 43, wherein at least one of the 
presence of one or more extensions in the Mobile IP r egistration request and an SPI in the 
Mobile IP r egistration request indicates that the Home Agent is to derive the shared key 
between the Mobile Node and the Home Agent. 

45. (Previously Presented) A computer-readable medium storing thereon computer 
readable instructions for generating a shared key between a Home Agent and a Mobile Node 
in a server adapted for authentication, authorization, and accounting, comprising: 

instructions for receiving a request message from a Home Agent, the request message 
identifying the Mobile Node; 

instructions for deriving key information from a key or password associated with the 
Mobile Node; and 

instructions for sending a reply message to the Home Agent, the reply message 
including the key information associated with the Mobile Node, thereby enabling the Home 
Agent to derive a shared key to be shared between the Mobile Node and the Home Agent 
from the key information, wherein the reply message does not include the shared key in any 
form. 

46. (Previously Presented) A server adapted for authentication, authorization, and 
accounting, the server being adapted for generating a shared key between a Home Agent and 
a Mobile Node, comprising: 

a processor; and 

a memory, at least one of the processor and the memory being adapted for: 
receiving a request message from a Home Agent, the request message identifying the 
Mobile Node; 
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deriving key information from a key or password associated with the Mobile Node; 

and 

sending a reply message to the Home Agent, the reply message including the key 
information associated with the Mobile Node, thereby enabling the Home Agent to derive a 
shared key to be shared between the Mobile Node and the Home Agent from the key 
information, wherein the reply message does not include the shared key in any form. 

47. (Previously Presented) A server adapted for authentication, authorization, and 
accounting, the server being adapted for generating a shared key between a Home Agent and 
a Mobile Node, comprising: 

means for receiving a request message from a Home Agent, the request message 
identifying the Mobile Node; 

means for deriving key information from a key or password associated with the 
Mobile Node; and 

means for sending a reply message to the Home Agent, the reply message including 
the key information associated with the Mobile Node, thereby enabling the Home Agent to 
derive a shared key to be shared between the Mobile Node and the Home Agent from the key 
information, wherein the reply message does not include the shared key in any form. 

48. (Currently Amended) A computer-readable medium storing thereon computer- 
readable instructions for authenticating a Mobile Node in a Home Agent supporting Mobile 
BP, comprising: 

instructions for receiving a Mobile IP r egistration request from a Mobile Node, the 
Mobile IP r egistration request identifying the Mobile Node; 

instructions for sending a request message to a AAA server, the request message 
identifying the Mobile Node; 

instructions for receiving a reply message from the AAA server, the reply message 
including key information associated with the Mobile Node; 

instructions for deriving a key from the key information, the key being a shared key 
between the Mobile Node and the Home Agent, wherein deriving the key from the key 
information does not include decryption of the key information; and 

instructions for sending a Mobile IP r egistration reply to the Mobile Node, wherein 
the Mobile IP r egistration reply does not include the shared key in any form. 
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49. (Currently Amended) A Home Agent supporting Mobile IP, the Home Agent being 
adapted for authenticating a Mobile Node, comprising: 

a processor; and 

a memory, at least one of the processor and the memory being adapted for: 
receiving a Mobile IP r egistration request from a Mobile Node, the Mobile IP 

registration request identifying the Mobile Node; 

sending a request message to a AAA seiver, the request message identifying the 

Mobile Node; 

receiving a reply message from the AAA server, the reply message including key 
information associated with the Mobile Node; 

deriving a key from the key information, the key being a shared key between the 
Mobile Node and the Home Agent, wherein deriving the key from the key information does 
not include decryption of the key information; and 

sending a Mobile IP r egistration reply to the Mobile Node, wherein the Mobile IP 
registration reply does not include the shared key in any form. 

50. (Currently Amended) A Home Agent supporting Mobile IP and adapted for 
authenticating a Mobile Node, comprising: 

means for receiving a Mobile IP r egistration request from a Mobile Node, Mobile IP 
the registration request identifying the Mobile Node; 

means for sending a request message to a AAA server, the request message 
identifying the Mobile Node; 

means for receiving a reply message from the AAA server, the reply message 
including key information associated with the Mobile Node; 

means for deriving a key from the key information, the key being a shared key 
between the Mobile Node and the Home Agent, wherein deriving the key from the key 
information does not include decryption of the key information; and 

means for sending a Mobile IP r egistration reply to the Mobile Node, wherein the 
Mobile IP r egistration reply does not include the shared key in any form. 

51. (Currently Amended) A computer-readable medium storing thereon computer- 
readable instructions for registering a Mobile Node with a Home Agent supporting Mobile 
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IP, comprising: 

instructions for sending a Mobile IP r egistration request to the Home Agent; 

instructions for receiving a Mobile IP r egistration reply from the Home Agent, the 
Mobile IP r egistration reply indicating that the Mobile Node is to derive a key to be shared 
between the Mobile Node and the Home Agent, wherein the Mobile IP r egistration reply does 
not include the key to be shared between the Mobile Node and the Home Agent in any form; 
and 

instructions for deriving a key to be shared between the Mobile Node and the Home 
Agent from key information stored at the Mobile Node, wherein deriving the key from the 
key information does not include decryption of the key information. 

52. (Currently Amended) A Mobile Node adapted for registering with a Home Agent 
supporting Mobile IP, comprising: 

a processor; and 

a memory, at least one of the processor and the memory being adapted for: 

sending a Mobile IP r egistration request to the Home Agent; 

receiving a Mobile IP registration reply from the Home Agent, the Mobile IP 
registration reply indicating that the Mobile Node is to derive a key to be shared between the 
Mobile Node and the Home Agent, wherein the Mobile IP r egistration reply does not include 
the key in any form; and 

deriving a key to be shared between the Mobile Node and the Home Agent from key 
information stored at the Mobile Node, wherein deriving the key from the key information 
does not include decryption of the key information. 

53. (Currently Amended) A Mobile Node adapted for registering with a Home Agent 
supporting Mobile IP, comprising: 

means for sending a Mobile IP r egistration request to the Home Agent; 

means for receiving a Mobile IP r egistration reply from the Home Agent, the Mobile 
IP registration reply indicating that the Mobile Node is to derive a key to be shared between 
the Mobile Node and the Home Agent, wherein the Mobile IP r egistration reply does not 
include the key in any form; and 
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means for deriving a key to be shared between the Mobile Node and the Home Agent 
from key information stored at the Mobile Node, wherein deriving the key from the key 
information does not include decryption of the key information. 

54. (Previously Presented) The method as recited in claim 1, wherein deriving key 
information from a key or password associated with the Mobile Node includes: 

deriving the key information from a password, wherein the key information is not 
derived from a key. 

55. (Previously Presented) The method as recited in claim 1, the reply message 
does not include the shared key to be shared between the Mobile Node and the Home Agent 
in an encrypted form or a decrypted form. 
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